Glossary of terms
Brute Force Attack
What is a brute force attack? With a brute force attack, the attacker attempts to crack a password or username using an..
.NET Core Framework
What is the .NET Core framework? .NET Core is the cross-platform successor to the .NET Framework: a free, open-source, general-purpose..
.NET Framework
What is the .NET Framework? Microsoft's .NET Framework was first released in 2002; .NET Core, released in 2016, is the open-source, cross-platform iteration of the..
Active vs Passive IAST Scanning
Active IAST testing and passive IAST testing Compared with traditional application testing tools and methodologies,..
AGILE
What is Agile? Agile is a frequently used methodology applied to the management of software development projects. It is..
AI code security
AI-generated code isn’t inherently more or less secure than human-written code, but the speed it enables can introduce..
Apache Struts
What is Apache Struts? Apache Struts is a free, open-source framework for creating elegant, enterprise-ready Java web..
Apache Tomcat
What is Apache Tomcat? Apache Tomcat is an open-source Java servlet and JavaServer Pages (JSP) container that lets developers..
API Security
What is API security? With organizations pushing forward various digital transformation initiatives, the number of..
Application
What is an application? App stack and tech stack explained. Applications encompass a wide range of functionalities to..
Application Attacks
Application attacks: An overview Application security vulnerabilities have become a top attack vector that can result..
Application Detection and Response (ADR)
What is application detection and response (ADR)? In cybersecurity, ADR stands for application detection and response...
Application layer attacks
Attacks targeting the application layer (Layer 7) are increasingly on the rise, with the application layer now being..
Application Security
What is application security? Application security is the use of software, hardware, and procedural methods to protect..
Application Security Monitoring (ASM)
What is Application Security Monitoring (ASM)? ASM moves beyond point-in-time testing to establish persistent..
Application Security Posture Management (ASPM)
What is Application Security Posture Management (ASPM)? Application Security Posture Management (ASPM) is a centralized..
Application Security Testing (AST)
Application security testing tools Application security testing describes the various approaches used by organizations..
Application threat detection
With application and application programming interface (API) attacks on the rise, organizations need better solutions..
Application Vulnerability
What is an application vulnerability? Application vulnerabilities are flaws or weaknesses in an application that can lead..
Application vulnerability monitoring
Contrast Application Vulnerability Monitoring (AVM) provides best-in-class monitoring that, when combined with our ADR..
ARP Poisoning Attacks
ARP stands for Address Resolution Protocol, which is used in network communications. ARP translates Internet Protocol..
Authentication bypass vulnerability
Authentication bypass vulnerabilities remain common and can cause significant harm. Traditional application defenses..
Binary Code Analysis
What is binary code analysis? Binary code analysis, also referred to as binary analysis, is a form of..
Broken Access Control
What is broken access control? Broken access control has moved up from #5 in 2017 to #1 in 2021 in the OWASP Top 10..
Broken Authentication
What is broken authentication? Broken authentication was #2 on the 2017 OWASP Top 10 list. In 2021 the Broken..
Buffer Overflow
What is a buffer overflow? Buffers provide a temporary area for programs to store data. A buffer overflow, also known as..
Code Injection
What is code injection? Code injection is the term used to describe attacks that inject code into an application. That..
Code Repository
What is a code repository? A code repository is a central location where software developers can store, manage, and..
Command injection
What is command injection? With a command injection attack, an attacker can hijack a vulnerable application in order to..
Computer Worm
What is a computer worm? Computer worms have been around for more than three decades and show no sign of extinction...
CSRF Vulnerability
Cross-site request forgery (CSRF) attack Application attacks are on the rise and becoming more advanced. On average,..
CVE-2016-1000027
CVE-2016-1000027 Learn about the CVE-2016-1000027 Spring Framework vulnerability, its background, its description, its..
Dangerous Functions
What are dangerous functions? Dangerous functions are the root cause of all Application Security (AppSec) problems. In..
Data Breach
What is a data breach and how to prevent it? A data breach is an incident in which an unauthorized person or entity..
DevOps Security
What is DevOps security? DevOps security refers to the practice of safeguarding an organization’s entire..
DevSecOps
As organizations rush to embrace various digital transformation initiatives, DevOps (development and operations)..
Digital twin for cybersecurity
Contrast Security takes a novel approach to application and API security by creating a digital twin of the application..
Dynamic Application Security Testing (DAST)
Organizations across all industries are transforming digitally to keep up with the competition. Modern software..
Endpoint Detection and Response (EDR)
What is EDR? Endpoint Detection and Response (EDR) is a cybersecurity solution that monitors and protects endpoints —..
Expression Language Injection
What is expression language injection? Expression Language Injection (aka EL Injection) enables an attacker to view..
False Negative
What is a false negative? Designing test cases that accurately identify defects in software can be challenging. As..
False Positive
What is a false positive in cybersecurity? False positives occur when a scanning tool, web application firewall (WAF), or..
Firewall
What is a firewall network security system? A firewall is a network security system that monitors and controls incoming..
Function App
A Function App is a Microsoft Azure Functions construct. Essentially, it is a group of one or more Microsoft Azure..
Fuzz Testing
What is fuzz testing, or “fuzzing”? In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software..
Go Language
What is the Go language? Go is an open-source, general-purpose programming language. Go was developed by..
How eBPF works
Some organizations that promote their solutions as ADR utilize eBPF technology to underpin their offerings. However,..
IAST vs SAST
Definitions of SAST and IAST testing methodologies Static Application Security Testing (SAST) is a static application..
Incident Response
What does incident response mean? In cybersecurity, incident response refers to the process of detecting, analyzing and..
Injection Attack
Overview Injection attacks remain one of the most common application attack vectors. To help prevent these attacks,..
Insecure Deserialization
Deserialization is a core component of web applications At the heart of the essentially limitless realm of information..
Instrumentation
What is code instrumentation? Code instrumentation is a technique where additional code is injected into an..
Insufficient Logging and Monitoring
What is insufficient logging and monitoring? Insufficient logging and monitoring is #10 on 2017 OWASP Top Ten list of..
Interactive Application Security Testing (IAST)
What is interactive application security testing (IAST)? Application security testing describes the various approaches..
Java Programming Language
What is the Java programming language? Java is a programming language and computing platform first released by Sun..
JavaScript Programming Language
What is the JavaScript programming language? JavaScript is a text-based programming language used both on the client-side..
Kotlin Programming Language
What is the Kotlin programming language? Kotlin is a general-purpose, free, open-source, statically typed "pragmatic"..
Log4Shell
What is Log4Shell? Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was..
Malicious Code
What is malicious code? Malicious code is code inserted in a software system or web script intended to cause undesired..
Malicious Cyber Intrusion
What is a malicious cyber intrusion? As developers strive to meet the demands of the modern software development life..
Man-in-the-Middle Attack
What is a Man-In-The-Middle (MITM) Attack? In a man-in-the-middle (MITM) attack, the attacker eavesdrops on the..
Mean time to detect (MTTD)
For Security Operations (SecOps) professionals and Security Operations Center (SOC) teams, having a low MTTD is crucial..
Method Tampering
What is method tampering? Method tampering (aka verb tampering and HTTP method tampering) is an attack against..
Model Context Protocol (MCP)
The Contrast MCP server is a bridge between Contrast’s data — most notably, the powerful and contextual Interactive..
MTTR
No matter if you define MTTR as mean time to respond or mean time to remediate, Contrast Security can help you meet..
Network detection and response (NDR)
What is NDR in cybersecurity? Network detection and response (NDR) is a cybersecurity solution that monitors network..
NIST CSF 2.0
Overview NIST CSF 2.0 provides key guidance to organizations of all sizes looking to improve their security posture...
Node.js
What is Node.js? Node.js is an open-source, server-side JavaScript runtime that runs on top of Google's open-source V8 JavaScript engine..
npm
When it comes to code and package security, Runtime Security is the best option out there for both engineering and..
OGNL Injection (OGNL)
What is OGNL injection (OGNL)? Object-Graph Navigation Language is an open-source Expression Language (EL) for Java..
Open Source Security (OSS)
Implementing a good open source security strategy. The term "open source" refers to software released under a license that lets anyone use, study, modify, and redistribute it, and that..
OSI Layer 7
With attacks targeting OSI layer 7, the application layer, on the rise, organizations need more robust solutions to..
OWASP Top 10
What is the OWASP Top 10? The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization..
PCI Application
What is a PCI application? The Payment Card Industry Data Security Standard (PCI DSS) is a set of widely followed..
PCI Compliance
What is PCI compliance? Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security..
Penetration Testing
What is penetration testing? Penetration testing, also known as pen testing, security pen testing, and security..
PHP Programming Language
What is the PHP programming language? PHP (a recursive acronym for "PHP: Hypertext Preprocessor") is the most widely used open source and..
Project
What is a Project? A project is a collection of source code contained in a ‘folder’, ‘Zip file’, war file or one or..
Python Programming Language
What is the Python programming language? Python has become one of the most popular programming languages in the world in..
ReDoS Attack
What is a ReDoS attack? A ReDoS attack is a denial-of-service (DoS) attack that exploits an application’s exponential..
Regular Expression DoS (ReDoS)
What is regular expression DoS (ReDoS)? Regular expressions can reside in every layer of the web. The Regular..
Remote code execution (RCE)
Get a free trial of Contrast ADR and see how it can protect your applications from cyberattacks that result in RCE...
Ruby Programming Language
What is the Ruby programming language? Ruby is an open-source, object-oriented scripting language developed in the mid-90s..
Runtime Application Self Protection (RASP) Security
What is RASP security? Coined by Gartner in 2012, Runtime Application Self-Protection, RASP, is an emerging security..
Runtime Security
What is runtime security? Runtime Security is defined as protecting software everywhere it runs. Typically, runtime is..
SAST vs SCA
What is a SAST tool? Static Application Security Testing (SAST) is a static application analysis technique used to..
SBOM
What is an SBOM (Software Bills of Materials)? Software Bills of Materials (SBOMs) were born out of the need to provide..
Scala Programming Language
What is the Scala programming language? Scala is a statically typed, general-purpose programming language that can be both..
SCRUM
What is an agile scrum environment? As a set of values and principles that describes a group's day-to-day interactions and..
Security Misconfigurations
What is a security misconfiguration? Security misconfiguration is #6 on the 2017 OWASP Top 10 list (and #5 on the 2021 list). This..
Security operations center (SOC)
What is a SOC? A SOC is a centralized facility that monitors and analyzes an organization's security systems and data..
Sensitive Data Exposure
Any industry that collects, stores, or processes sensitive data is at risk for a data breach. In 2020, the average cost..
Session Fixation Attack
What is a session fixation attack? Session fixation and session hijacking are both attacks that attempt to gain access to..
Session Hijacking
Session hijacking attacks The importance of security is on the rise as digital innovation explodes. And as..
Software Composition Analysis (SCA)
What is software composition analysis (SCA)? Today’s software applications rely heavily on open-source components. SCA..
Software Composition Analysis (SCA) tool in the code repository (repo)
What is SCA in the repo? What is repository level SCA? When a Software Composition Analysis (SCA) tool scans a..
Software Development Life Cycle (SDLC) Security
What is the software development life cycle, aka SDLC? The Software Development Life Cycle (SDLC) is a framework that..
Spoofing
What is spoofing? Spoofing is when a bad actor disguises themselves as a trusted device or user in order to gain access..
Spoofing Attack
What is a spoofing attack? In a spoofing attack, a malicious party or program impersonates another device or user on a..
Spring Core
What is Spring Core? Spring Core (spring-core) is the core of the framework that powers features such as Inversion of..
Spring Framework
What is the Spring Framework? The Spring Framework provides a comprehensive programming and configuration model for modern..
Spring Web MVC
What is Spring Web MVC? A Model-View-Controller (MVC) architecture for the Spring Framework that can be used to develop..
Spring WebFlux
What is Spring WebFlux? Spring WebFlux is the reactive-stack web framework added in Spring version 5.0. Reactive..
Spring4Shell
What is Spring4Shell? Spring4Shell is a zero-day remote code execution (RCE) vulnerability in the Spring Framework that was disclosed on..
SQL Injection Attack
What is a SQL injection? A SQL injection attack consists of an insertion or injection of a SQL query via the input data..
Static Application Security Testing (SAST)
What is static application security testing (SAST)? Static application security testing (SAST) involves analyzing an..
Untrusted or Insecure Deserialization
What is untrusted or insecure deserialization? Serialization refers to the process of converting an object into a..
Vibe Coding
What is vibe coding? Vibe coding represents a fundamental shift in software development, moving the developer's role..
Vulnerability Assessment
Cyber crimes are expected to cause more than 6 trillion dollars in damages in 2021. By the year 2025, it's estimated..
Vulnerability Scanning
What is vulnerability scanning? Vulnerability scanning is the finding of security flaws and vulnerabilities, analyzing..
Vulnerability Testing
What is vulnerability testing? Vulnerability testing is an assessment used to evaluate application security by..
WAF vs. RASP Security Tools
WAF vs. RASP security tools: a defense in depth approach to application security In today's threat landscape, web..
Web Application
What is a web application? A web application is a program that can be accessed through a web browser and runs on a web..
Web application firewall (WAF)
While web application firewalls (WAFs) have long played — and continue to play — a key role in defending applications..
Web Browser Attacks
What is a web browser attack? A web browser attack is a type of cyber attack that targets vulnerabilities in web..
Website Scanner
Development teams are a fundamental part of organizations, with digital transformation ascending to the top of..
What is a path traversal attack or directory traversal attack?
What is a path traversal attack? Understanding the harm it can cause Path traversal attacks use an affected application..
XSS (Cross-site scripting)
What is cross-site scripting? "Cross-site scripting" originally referred to loading the attacked, third-party web..
Zero-day exploits
With zero-day exploits on the rise, organizations need robust defenses designed to protect their applications against..
Zip File Overwrite
What is a zip file overwrite? Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in..